diff --git a/charts/cloud-controls/Chart.yaml b/charts/cloud-controls/Chart.yaml index fbbf519b..7e743bd1 100644 --- a/charts/cloud-controls/Chart.yaml +++ b/charts/cloud-controls/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cloud-controls description: Cloud Controls Helm Chart -version: 0.0.3 +version: 0.0.4 keywords: - kubernetes - nirmata diff --git a/charts/cloud-controls/charts/apigateway/templates/check-api-protocol.yaml b/charts/cloud-controls/charts/apigateway/templates/check-api-protocol.yaml index 3495b176..cd3973ba 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-api-protocol.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-api-protocol.yaml @@ -16,7 +16,7 @@ metadata: low-latency communication, requires persistent connections, which can increase costs. For cost-effectiveness, choose HTTP unless real-time communication is critical to your application. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-method-caching-enabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-method-caching-enabled.yaml index cf968f82..3740542b 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-method-caching-enabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-method-caching-enabled.yaml 
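Review bot: The new `app: cloud-control-point` label value is hard-coded separately in this check-api-protocol hunk and, identically, in every other policy template hunk of this diff (the remaining apigateway, ecs, eks and lambda templates), while the sibling `failureAction` and `scan` keys two lines below already resolve through `.Values`; routing the label through one chart value or named helper (for example `app: {{ .Values.appLabel | default "cloud-control-point" }}`, value name illustrative) would keep the sub-charts consistent and make the next rename a one-line change. Anything that selects these policies by the old `app=kyverno` label — an RBAC or scanner label selector, a dashboard filter — would silently stop matching after this commit; nothing here shows such a selector, so it is worth confirming none exists before 0.0.4 ships. The enclosing `metadata:` block starts before this hunk.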
@@ -15,7 +15,7 @@ metadata: which helps improve performance, reduce latency, and lower operational costs by minimizing redundant requests to the backend services. Enforcing this best practice enhances the efficiency and reliability of your API. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-method-caching-encryption-enabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-method-caching-encryption-enabled.yaml index 37c3c789..d3bef37b 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-method-caching-encryption-enabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-method-caching-encryption-enabled.yaml 
@@ -15,7 +15,7 @@ metadata: safeguarding sensitive data stored in the cache. Enforcing this practice enhances the security and compliance of your API by preventing unauthorized access to cached data. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-method-data-tracing-disabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-method-data-tracing-disabled.yaml index 8a537be4..5f002aad 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-method-data-tracing-disabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-method-data-tracing-disabled.yaml 
@@ -14,7 +14,7 @@ metadata: This policy ensures that data tracing is disabled in API Gateway method settings to prevent sensitive data from being logged. Enforcing this practice helps enhance security, protect user privacy, and reduce the risk of exposing sensitive information in logs. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-method-throttling-limit.yaml b/charts/cloud-controls/charts/apigateway/templates/check-method-throttling-limit.yaml index 7b26eb1d..be155324 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-method-throttling-limit.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-method-throttling-limit.yaml 
@@ -15,7 +15,7 @@ metadata: are properly configured in API Gateway method settings. Enforcing this practice prevents resource overuse, enhances API reliability, and ensures fair usage by controlling the request rates to backend services. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-stage-access-logging-enabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-stage-access-logging-enabled.yaml index 96831ca6..53323de1 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-stage-access-logging-enabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-stage-access-logging-enabled.yaml 
@@ -15,7 +15,7 @@ metadata: which is critical for monitoring and auditing API activity. Enforcing this practice improves observability, aids in troubleshooting issues, and enhances security by maintaining a detailed record of API access and usage. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-stage-cache-cluster-enabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-stage-cache-cluster-enabled.yaml index 04bcaa99..58979d1f 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-stage-cache-cluster-enabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-stage-cache-cluster-enabled.yaml 
@@ -15,7 +15,7 @@ metadata: which enhances performance by reducing backend load and improving response times. Enforcing this best practice helps optimize resource utilization and provides a better user experience for API consumers. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/apigateway/templates/check-stage-xray-tracing-enabled.yaml b/charts/cloud-controls/charts/apigateway/templates/check-stage-xray-tracing-enabled.yaml index dcee83ec..fce3b702 100644 --- a/charts/cloud-controls/charts/apigateway/templates/check-stage-xray-tracing-enabled.yaml +++ b/charts/cloud-controls/charts/apigateway/templates/check-stage-xray-tracing-enabled.yaml 
@@ -16,7 +16,7 @@ metadata: Enforcing this practice improves observability, helps identify bottlenecks, and enhances debugging capabilities, ensuring better performance and reliability of your APIs. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/check-awsvpc-network-mode.yaml b/charts/cloud-controls/charts/ecs/templates/check-awsvpc-network-mode.yaml index 970bdfff..9c563dda 100644 --- a/charts/cloud-controls/charts/ecs/templates/check-awsvpc-network-mode.yaml +++ b/charts/cloud-controls/charts/ecs/templates/check-awsvpc-network-mode.yaml 
@@ -16,7 +16,7 @@ metadata: The awsvpc network mode provides task-level network isolation for tasks that run on Amazon EC2. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-container-insights-enabled.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-container-insights-enabled.yaml index 745bbc51..8f88b9ff 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-container-insights-enabled.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-container-insights-enabled.yaml 
@@ -14,7 +14,7 @@ metadata: Container Insights enhances the operational visibility of ECS clusters, allowing for proactive issue resolution. Enabling this feature ensures that diagnostic information is readily available, contributing to a more efficient and reliable containerized environment. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-nonprivileged.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-nonprivileged.yaml index 6d48c60d..e66f7aad 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-nonprivileged.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-nonprivileged.yaml 
@@ -14,7 +14,7 @@ metadata: When privileged is set to true, the container is given elevated permissions on the host container instance (similar to the root user). This policy checks that the privileged parameter in the container definition is set to false. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-readonly.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-readonly.yaml index 0c5b0096..38984fb5 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-readonly.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-containers-readonly.yaml 
@@ -15,7 +15,7 @@ metadata: One significant aspect is restricting write access to the containers' root filesystem. This policy checks if ECS Containers have read-only access to its root filesystem. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-log-configuration.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-log-configuration.yaml index 295f62e5..96e23fbf 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-log-configuration.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-log-configuration.yaml 
@@ -16,7 +16,7 @@ metadata: to access container logs. It also allows integration with monitoring tools to set up metrics and alerts based on log data. This policy checks if ECS TaskDefinitions and Services have logConfiguration defined. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-memory-hard-limit.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-memory-hard-limit.yaml index ee7b333f..d1b58f11 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-memory-hard-limit.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-memory-hard-limit.yaml 
@@ -17,7 +17,7 @@ metadata: Therefore, it is crucial to enforce a hard memory limit on each container to prevent resource contention. If a container exceeds its memory limit, it will be terminated by ECS. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-nonroot-user.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-nonroot-user.yaml index 6bf786a8..092a60bf 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-nonroot-user.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-nonroot-user.yaml 
@@ -19,7 +19,7 @@ metadata: It also follows the security principle of least privilege, which dictates that applications and processes should operate with minimum privileges necessary to perform their functions. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-pid-mode-check.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-pid-mode-check.yaml index a07c9dc6..57921dc0 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-pid-mode-check.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-pid-mode-check.yaml 
@@ -17,7 +17,7 @@ metadata: These circumstances could lead to unauthorized access to processes on the host itself, including the ability to manipulate and terminate them. Customers shouldn't share the host's process namespace with containers running on it. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-user-for-host-mode-check.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-user-for-host-mode-check.yaml index 46b3ea8e..4544f029 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-user-for-host-mode-check.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-definition-user-for-host-mode-check.yaml 
@@ -15,7 +15,7 @@ metadata: In scenarios where tasks employ the `host` network mode, it's crucial to avoid running containers with the root user (UID 0) for enhanced security. As a recommended security practice, it is recommended to opt for a non-root user. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-public-ip.yaml b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-public-ip.yaml index f43bb42a..11796cf8 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-public-ip.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-ecs-task-public-ip.yaml 
@@ -14,7 +14,7 @@ metadata: ECS tasks with public IP address enabled, are easily reachable from the internet. This policy validates whether public IP address is enabled on the ECS task labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/ecs/templates/validate-efs-volume-encryption.yaml b/charts/cloud-controls/charts/ecs/templates/validate-efs-volume-encryption.yaml index d7294338..c72eb8c2 100644 --- a/charts/cloud-controls/charts/ecs/templates/validate-efs-volume-encryption.yaml +++ b/charts/cloud-controls/charts/ecs/templates/validate-efs-volume-encryption.yaml 
@@ -14,7 +14,7 @@ metadata: Amazon EFS file systems can be used with Amazon ECS to export file system data across your fleet of container instances. To ensure encryption is enabled in transit, this policy validates whether `transitEncryption` is set to ENABLED in the task definition. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/eks/templates/check-public-access-cidr.yaml b/charts/cloud-controls/charts/eks/templates/check-public-access-cidr.yaml index 99ac2aff..ed99e9fd 100644 --- a/charts/cloud-controls/charts/eks/templates/check-public-access-cidr.yaml +++ b/charts/cloud-controls/charts/eks/templates/check-public-access-cidr.yaml 
@@ -13,7 +13,7 @@ metadata:
     policies.kyverno.io/description: >-
       Ensuring that the Amazon EKS public endpoint is not accessible to 0.0.0.0/0 is a fundamental security measure that helps protect your EKS clusters from unauthorized access, security threats, and compliance violations.
   labels:
-    app: kyverno
+    app: cloud-control-point
 spec:
   failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
   scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/eks/templates/check-public-endpoint.yaml b/charts/cloud-controls/charts/eks/templates/check-public-endpoint.yaml
index 94c7ae6b..3144f53f 100644
--- a/charts/cloud-controls/charts/eks/templates/check-public-endpoint.yaml
+++ b/charts/cloud-controls/charts/eks/templates/check-public-endpoint.yaml
@@ -15,7 +15,7 @@ metadata: It protects against external threats and enforces network segmentation, restricting access to only trusted entities within the network environment. This measure helps organizations meet compliance requirements, maintains operational security, and safeguards the reliability and performance of Kubernetes clusters. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/eks/templates/check-secrets-encryption.yaml b/charts/cloud-controls/charts/eks/templates/check-secrets-encryption.yaml index e3e373c8..d416c8ec 100644 --- a/charts/cloud-controls/charts/eks/templates/check-secrets-encryption.yaml +++ b/charts/cloud-controls/charts/eks/templates/check-secrets-encryption.yaml 
@@ -13,7 +13,7 @@ metadata:
     policies.kyverno.io/description: >-
       Cluster secrets encryption should be enabled.
   labels:
-    app: kyverno
+    app: cloud-control-point
 spec:
   failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
   scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/eks/templates/check-supported-k8s-version.yaml b/charts/cloud-controls/charts/eks/templates/check-supported-k8s-version.yaml
index 2a6ada58..0ff16299 100644
--- a/charts/cloud-controls/charts/eks/templates/check-supported-k8s-version.yaml
+++ b/charts/cloud-controls/charts/eks/templates/check-supported-k8s-version.yaml
@@ -13,7 +13,7 @@ metadata:
     policies.kyverno.io/description: >-
       This policy checks that EKS clusters are on a standard supported Kubernetes version
   labels:
-    app: kyverno
+    app: cloud-control-point
 spec:
   failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
   scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/lambda/templates/check-dead-letter-queue.yaml b/charts/cloud-controls/charts/lambda/templates/check-dead-letter-queue.yaml
index 4bd10772..1deca466 100644
--- a/charts/cloud-controls/charts/lambda/templates/check-dead-letter-queue.yaml
+++ b/charts/cloud-controls/charts/lambda/templates/check-dead-letter-queue.yaml
@@ -13,7 +13,7 @@ metadata:
     policies.kyverno.io/description: >-
       Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ).
   labels:
-    app: kyverno
+    app: cloud-control-point
 spec:
   failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
   scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/lambda/templates/check-env-var-encryption.yaml b/charts/cloud-controls/charts/lambda/templates/check-env-var-encryption.yaml
index b597c343..164f0546 100644
--- a/charts/cloud-controls/charts/lambda/templates/check-env-var-encryption.yaml
+++ b/charts/cloud-controls/charts/lambda/templates/check-env-var-encryption.yaml
@@ -13,7 +13,7 @@ metadata:
     policies.kyverno.io/description: >-
       This policy ensures that if environment variables are used in a Lambda function, they should be encrypted.
   labels:
-    app: kyverno
+    app: cloud-control-point
 spec:
   failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
   scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/lambda/templates/check-function-concurrency.yaml b/charts/cloud-controls/charts/lambda/templates/check-function-concurrency.yaml
index 38523d6f..9418a44b 100644
--- a/charts/cloud-controls/charts/lambda/templates/check-function-concurrency.yaml
+++ b/charts/cloud-controls/charts/lambda/templates/check-function-concurrency.yaml
@@ -13,7 +13,7 @@ metadata:
 policies.kyverno.io/description: >-
 This policy checks whether concurrency level config is set for the Lambda function.
 labels:
- app: kyverno
+ app: cloud-control-point
 spec:
 failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
 scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/lambda/templates/check-lambda-runtime.yaml b/charts/cloud-controls/charts/lambda/templates/check-lambda-runtime.yaml
index 7c8615df..e8d6fe36 100644
--- a/charts/cloud-controls/charts/lambda/templates/check-lambda-runtime.yaml
+++ b/charts/cloud-controls/charts/lambda/templates/check-lambda-runtime.yaml
@@ -13,7 +13,7 @@ metadata:
 policies.kyverno.io/description: >-
 This policy ensures that Lambda Runtime is not deprecated
 labels:
- app: kyverno
+ app: cloud-control-point
 spec:
 failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
 scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/lambda/templates/check-lambda-vpc.yaml b/charts/cloud-controls/charts/lambda/templates/check-lambda-vpc.yaml index 97e92e3d..2858c1fb 100644 --- a/charts/cloud-controls/charts/lambda/templates/check-lambda-vpc.yaml +++ b/charts/cloud-controls/charts/lambda/templates/check-lambda-vpc.yaml @@ -14,7 +14,7 @@ metadata: VPC provides isolation and enhanced security to Lambda functions. This policy validates whether vpc_config is specified for the Lambda function. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/lambda/templates/check-x-ray-tracing-enabled.yaml b/charts/cloud-controls/charts/lambda/templates/check-x-ray-tracing-enabled.yaml index e1b27e51..c9619551 100644 --- a/charts/cloud-controls/charts/lambda/templates/check-x-ray-tracing-enabled.yaml +++ b/charts/cloud-controls/charts/lambda/templates/check-x-ray-tracing-enabled.yaml 
@@ -16,7 +16,7 @@ metadata: resulted in an error. This policy checks whether X-Ray is enabled for Labmda function. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-cluster-deletion-protection-enabled.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-cluster-deletion-protection-enabled.yaml index 104325bb..c20de192 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-cluster-deletion-protection-enabled.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-cluster-deletion-protection-enabled.yaml 
@@ -16,7 +16,7 @@ metadata: unintended actions from impacting availability or causing data loss. By enabling deletion protection, you ensure that the database remains intact until deliberate action is taken to disable this setting. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-cluster-encrypted-at-rest.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-cluster-encrypted-at-rest.yaml index fb3677b0..0b032cbf 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-cluster-encrypted-at-rest.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-cluster-encrypted-at-rest.yaml 
@@ -17,7 +17,7 @@ metadata: Encrypting your RDS DB clusters protects your data and metadata against unauthorized access. It also fulfills compliance requirements for data-at-rest encryption of production file systems. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-db-proxy-tls.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-db-proxy-tls.yaml index 544f9324..239355ac 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-db-proxy-tls.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-db-proxy-tls.yaml 
@@ -16,7 +16,7 @@ metadata: Protecting this data in transit is important to maintain security of the data. This policy checks if the RDS Proxy is using TLS. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-enhanced-monitoring-enabled.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-enhanced-monitoring-enabled.yaml index 8900dd45..b4d11fa8 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-enhanced-monitoring-enabled.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-enhanced-monitoring-enabled.yaml 
@@ -18,7 +18,7 @@ metadata: These performance changes could result in a lack of availability of the data. Enhanced Monitoring provides real-time metrics of the operating system that your RDS DB instance runs on. An agent is installed on the instance. The agent can obtain metrics more accurately than is possible from the hypervisor layer. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-instance-copy-tags-to-snapshots-enabled.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-instance-copy-tags-to-snapshots-enabled.yaml index 4a31dfe7..b48ffbd2 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-instance-copy-tags-to-snapshots-enabled.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-instance-copy-tags-to-snapshots-enabled.yaml 
@@ -17,7 +17,7 @@ metadata: potential areas of weakness. Snapshots should be tagged in the same way as their parent RDS database instances. Enabling this setting ensures that snapshots inherit the tags of their parent database instances. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-instance-public-access.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-instance-public-access.yaml index d94b68fb..abca3c09 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-instance-public-access.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-instance-public-access.yaml 
@@ -17,7 +17,7 @@ metadata: that resolves to a private IP address. Unless you intend for your RDS instance to be publicly accessible, the RDS instance should not be configured with `PubliclyAccessible` value. Doing so might allow unnecessary traffic to your database instance. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-multi-az-support.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-multi-az-support.yaml index 891cd9c8..6acba91c 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-multi-az-support.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-multi-az-support.yaml 
@@ -16,7 +16,7 @@ metadata: This ensures the availability of the data stored. Multi-AZ deployments allow for automated failover if there is an issue with AZ availability and during regular RDS maintenance. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/rds/templates/check-rds-storage-encrypted.yaml b/charts/cloud-controls/charts/rds/templates/check-rds-storage-encrypted.yaml index a67a1b99..e4e96099 100644 --- a/charts/cloud-controls/charts/rds/templates/check-rds-storage-encrypted.yaml +++ b/charts/cloud-controls/charts/rds/templates/check-rds-storage-encrypted.yaml 
@@ -20,7 +20,7 @@ metadata: After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance. You do not need to modify your database client applications to use encryption. labels: - app: kyverno + app: cloud-control-point spec: failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }} scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }} diff --git a/charts/cloud-controls/charts/sqs/templates/check-message-retention-period.yaml b/charts/cloud-controls/charts/sqs/templates/check-message-retention-period.yaml index 139623fb..770b98a5 100644 --- a/charts/cloud-controls/charts/sqs/templates/check-message-retention-period.yaml +++ b/charts/cloud-controls/charts/sqs/templates/check-message-retention-period.yaml 
@@ -13,7 +13,7 @@ metadata:
 policies.kyverno.io/description: >-
 This policy checks whether Message Retention Period is under 4 Days.
 labels:
- app: kyverno
+ app: cloud-control-point
 spec:
 failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
 scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/sqs/templates/check-receive-message-wait-time.yaml b/charts/cloud-controls/charts/sqs/templates/check-receive-message-wait-time.yaml
index d7cfb164..8b94f064 100644
--- a/charts/cloud-controls/charts/sqs/templates/check-receive-message-wait-time.yaml
+++ b/charts/cloud-controls/charts/sqs/templates/check-receive-message-wait-time.yaml
@@ -13,7 +13,7 @@ metadata:
 policies.kyverno.io/description: >-
 This policy checks whether Receive Message Wait Time is less than 5 sec.
 labels:
- app: kyverno
+ app: cloud-control-point
 spec:
 failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
 scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}
diff --git a/charts/cloud-controls/charts/sqs/templates/check-visiblity-timeout.yaml b/charts/cloud-controls/charts/sqs/templates/check-visiblity-timeout.yaml
index 76efb545..aeeb94cc 100644
--- a/charts/cloud-controls/charts/sqs/templates/check-visiblity-timeout.yaml
+++ b/charts/cloud-controls/charts/sqs/templates/check-visiblity-timeout.yaml
@@ -13,7 +13,7 @@ metadata:
 policies.kyverno.io/description: >-
 Check if the VisiblityTimemout is greater than 30 sec or not
 labels:
- app: kyverno
+ app: cloud-control-point
 spec:
 failureAction: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "failureAction" }}{{ index (index .Values $camelCaseName) "failureAction" }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}{{ else }}{{ .Values.failureAction | default "Audit" }}{{ end }}
 scan: {{ if hasKey .Values $camelCaseName }}{{ if hasKey (index .Values $camelCaseName) "scanner" }}{{ index (index .Values $camelCaseName) "scanner" }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}{{ else if hasKey .Values "scanner" }}{{ .Values.scanner }}{{ else }}true{{ end }}